Sunday, 27 November 2011

Wireshark

Ok, recent posts have talked a lot about encryption, security, pings and other topics, but we also need to know some tools that help us look for vulnerabilities in our own network. For example: is the information we send to the modem or to another computer encrypted, or does it travel in the clear? How many packets do we send, and which packets are they?

There are many tools for this, for example nmap (helps to get to know the network: ports, information about the computers connected to the local network), aircrack (helps to decrypt the key of the router or modem), kismet (helps to put the network card in monitor mode, "sniff") and wireshark (sniffs packets).

Here we will talk about wireshark, a tool used for testing the network.

We can install it by typing in a terminal: sudo apt-get install wireshark

Then we run it in administrator mode (sudo).

Then we go to Interface List and choose wlan0.

Next the program opens a window showing the packets being sent.

After a little while, we stop the program. Stop listening and you will see the information, for example where each packet is headed and what its destination is.

If we click on one of them, all of its specific information is displayed: which port it used, the protocol, etc.

You can also right-click on it (the 2nd button) and choose Follow TCP Stream, which shows you the information being sent. If we try to read it, we cannot, since this is often encrypted, so you will see nothing more than the odd readable line.

But now we know how this works, as seen in the previous posts, so we can use any tool or program to decode the information for us. Wireshark also has a decryption tool for this; it is a matter of choosing the appropriate one, since they deal with different protocols.

To make this easier we can also set filters, that is, show only the traffic for a certain port and IP.
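
The filtering and the "encrypted or visible?" check described above, as an added example that is not part of the original post: it parses Ethernet/IPv4/TCP frames, keeps those matching an IP and/or port, and flags whether the payload reads as text. The addresses, ports, payloads and the 90% printable-bytes heuristic are assumptions made for the illustration; an unreadable payload may also be a binary protocol rather than encryption.

```python
import socket
import struct

def frame(src, dst, sport, dport, payload):
    """Build a constructed Ethernet/IPv4/TCP frame (checksums left at zero)."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    return eth + ip + tcp + payload

def parse(raw):
    """Return (src, dst, sport, dport, payload) for an IPv4/TCP frame, else None."""
    if len(raw) < 54 or raw[12:14] != b"\x08\x00" or raw[23] != 6:
        return None
    tcp = 14 + (raw[14] & 0x0F) * 4            # IPv4 header length varies
    if len(raw) < tcp + 20:
        return None
    total = struct.unpack("!H", raw[16:18])[0]  # IPv4 total length
    sport, dport = struct.unpack("!HH", raw[tcp:tcp + 4])
    data = raw[tcp + (raw[tcp + 12] >> 4) * 4:14 + total]
    return (socket.inet_ntoa(raw[26:30]), socket.inet_ntoa(raw[30:34]),
            sport, dport, data)

def readable(payload):
    """True when at least 90% of the bytes are printable ASCII or whitespace."""
    ok = sum(32 <= b < 127 or b in (9, 10, 13) for b in payload)
    return bool(payload) and ok / len(payload) >= 0.9

def select(frames, ip=None, port=None):
    """Keep frames matching an address and/or port, as a display filter would."""
    out = []
    for raw in frames:
        p = parse(raw)
        if p and (ip is None or ip in p[:2]) and (port is None or port in p[2:4]):
            out.append(p[:4] + (readable(p[4]),))
    return out

# Constructed sample traffic: one cleartext HTTP request, one TLS-like record.
CAPTURE = [
    frame("192.168.1.10", "192.168.1.1", 50000, 80,
          b"POST /login HTTP/1.1\r\nHost: router\r\n\r\nuser=admin&pass=example"),
    frame("192.168.1.10", "203.0.113.5", 50001, 443,
          bytes([0x17, 0x03, 0x03, 0x00, 0x20]) + bytes(range(128, 160))),
]

if __name__ == "__main__":
    for row in select(CAPTURE, ip="192.168.1.10"):
        print(row)
```

Each returned row is (source, destination, source port, destination port, readable); a row with readable set to True on your own network is traffic that anyone capturing on the same link can read.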